Cyber insurance is stuck in a prolonged period of dissatisfaction and slow progress. Carriers are grappling with unpredictable market swings, squeezed pricing, and uneven growth, leaving many feeling trapped in a cycle with no clear way forward.
According to a recent study by Munich Re, the worldwide cyber insurance market reached $15.3 billion in 2024, with projections pointing to $16.3 billion by the close of 2025. While those figures sound impressive in isolation, the 2024 total accounted for less than 1% of the global property and casualty insurance market that same year — a stark reminder of how small this segment remains relative to the broader industry.
The root cause of this stagnation is structural, not motivational. Insurers aren’t lacking ambition or initiative. What’s missing is more dependable, granular data from the ground up and stronger alliances with technology partners. Despite current frustrations, the cyber insurance space still represents a largely untapped growth frontier — a huge share of businesses remain either underinsured or entirely uninsured against cyber threats.
Why insurers feel trapped
Four main pain points are driving frustration among cyber insurance carriers.
Unpredictable and unstable market cycles: Price swings are making portfolio planning and risk management extremely difficult. The cyber market doesn’t behave like traditional property and casualty lines — the movements are sharper and harder to anticipate. Premium levels for cyber insurance are heavily influenced by the claims history within particular industry verticals. As one Canadian broker puts it, “Segments that have seen frequent or severe claims are facing dramatic rate hikes, with some renewals jumping between 100% and 300% — even 400%. Meanwhile, sectors with few claims are enjoying significant relief, with premiums cut by as much as half.”
Broker burnout and shrinking reinvestment capacity: Heavy workloads combined with thin profit margins leave little room for brokers to scale their advisory offerings. Brokers are caught in a self-reinforcing loop. Their clients consistently push for better pricing, retentions, and policy language, which demands intense negotiation with insurers. But because broker commissions are tied to the premium their clients actually pay, a soft pricing environment directly eats into their income at the same time they’re putting in more effort on each placement. The end result: brokers simply don’t have the bandwidth or revenue cushion to put resources into tools and services that would make their operations more efficient or broaden their cyber risk consulting. Until this loop is disrupted, the traditional broker model is under threat, and meaningful innovation will continue to stall.
Underwriters held back by old data and legacy systems: Too many decisions are still driven by broad assumptions instead of rigorous, actuarial-grade data. When it comes to securing capital or reinsurance backing, carriers need a structured methodology with standardized, validated data that demonstrates they have the safeguards in place to manage claims exposure effectively.
Lackluster top-line growth: There’s a real risk that falling premiums could outpace the influx of new policyholders, a concern voiced recently by several leading cyber insurers. The silver lining, though, is that the market remains wide open — most companies are still underinsured or have no cyber coverage whatsoever.
Why innovation has hit a wall
Insurers are bombarded by a flood of technology vendors all claiming to offer automation, better cyber risk assessment, and improved visibility. Yet too many of these tools produce vague or low-impact results, introducing reputational risk alongside the operational burden. Decision-makers are worn out by the endless task of sorting through overlapping and often unproven solutions.
On the other side, cybersecurity vendors share the frustration, facing drawn-out and inconsistent insurance sales processes. The cumulative effect of this mutual friction is slower adoption, fewer experiments, and sluggish innovation.
Compounding the disconnect, cyber insurance remains largely divorced from the day-to-day realities of security operations. The questions on insurance applications are vague and inconsistent, and they don’t map onto how security teams actually work or how they document their controls. Take a standard application question like “Is multifactor authentication enabled?” For a security team, that answer could involve dozens of different systems. You might have MFA on your email platform but nowhere else — a glaring security gap that a simple yes-or-no question completely misses.
There’s also a timing mismatch between underwriting cycles and real-world security conditions. Insurance renewals happen annually, but businesses are dealing with a constantly shifting security landscape. The function of cybersecurity is to help an organization identify and reduce risk, and insurance is simply one tool for financial risk transfer within that broader framework.
In an ideal world, cybersecurity investments help a company reach an acceptable risk level. But if the cost of additional controls is prohibitive, transferring some of that risk financially to an insurer becomes a viable alternative. Large enterprises may be comfortable with annual coverage since they purchase substantial limits. But small and medium-sized businesses face shifting risk profiles that warrant more flexible insurance products — monthly contracts, for instance — that can adapt as exposures change.
Another hurdle is scattered and unverifiable data across the enterprise. On average, organizations rely on 83 separate security tools from 29 different vendors, producing a patchwork of inconsistent and siloed security postures.
There’s no standardized, detailed source of truth about a company’s actual cyber hygiene — nothing comparable to physical inspections and building codes used in property underwriting. The cyber insurance world lacks rigorous, ground-truth data collection and validation mechanisms. So underwriters sense their risk models are “a bit off” but don’t have the reliable data they need to course-correct.
Better data architecture will drive capital efficiency and growth
What insurers truly need isn’t more noise or lengthier questionnaires — it’s standardized, field-level data they can trust. Continuous, verifiable evidence improves three critical areas:
- Actuarial modeling and portfolio analytics.
- Reinsurance negotiations and capital deployment efficiency.
- Underwriting precision and lower accumulation risk.
With better data, insurers can confidently expand their coverage offerings, reach new segments of buyers, and reduce the uncertainty that holds them back. Collaborative partnerships between insurers, cybersecurity vendors, and specialized data providers can stitch together today’s fragmented information landscape into something far more coherent and actionable.
Building momentum instead of frustration
The cyber insurance sector is in the grip of what many describe as a “moment of frustration” — carriers wrestling with extended market downturns, relentless downward pressure on premiums, and limited capacity to invest in innovation. The forces behind that frustration include brokers who can’t reinvest in growth, underwriters hampered by outdated data models, and the relentless drain of “vendor fatigue” as insurers sift through a sea of technology solutions that have yet to deliver compelling returns. Adding to the tension, technology and cybersecurity vendors — accustomed to fast iteration and rapid decision-making — are equally frustrated by the slow, deliberate pace of insurance sales cycles. Smarter, field-level data structures coupled with more strategic partnerships can unlock capital efficiency and reignite momentum in a stalled market.
Advances powered by modern technologies — particularly machine learning and artificial intelligence — will give the industry a far sharper lens for evaluating cyber risk. As analytical capabilities deepen, capital markets are expected to become more engaged in supporting the digital economy’s overall cyber resilience through innovative, fit-for-purpose insurance products.
About the Author
Max Perkins serves as Head of Insurance Solutions and Chief Operating Officer at Spektrum Labs, an AI-driven cyber resilience company that builds agents and tools to reduce the time, cost, and complexity of maintaining provable, effective security and insurability. Spektrum bridges the historically separate worlds of cybersecurity, data backup, and insurance into one unified, continuous, automated platform. By integrating these traditionally siloed functions, Spektrum empowers businesses to demonstrate and sustain end-to-end resilience — from stopping cyber attacks, to rapid incident recovery, to securing financial protection — all within a single system. Spektrum unlocks resilience by automating and verifying the link between security posture and insurance, enabling organizations to bounce back faster and safeguard their future.
Before joining Spektrum, Max built his career in insurance and risk management, with deep expertise in intangible boardroom-level risks such as cyber, privacy, and intellectual property, as well as the broader impact of technology on business operations. He previously led Strategy & Innovation for AXIS Capital’s Cyber & Technology underwriting team, where his responsibilities spanned risk capital management and spearheading the launch of the world’s first securitized 144a Cyber Cat Bond. Prior to AXIS, which he joined in April 2020, he held roles as an insurance broker at Lockton Companies and as an underwriter at AIG, CHUBB, and Beazley — working across both U.S. and London markets.
Max lives in Durham, North Carolina, with his family. He serves on the Board of Trustees at Duke University and as President-Elect of the university’s Alumni Board. He is also a member of the Emily Krzyzewski Center Board of Directors, a nonprofit focused on expanding educational access.
Max can be reached on LinkedIn and at



